Saturday, August 01, 2009

SCADA Watch: Open Sesame! Network Attack Literally Unlocks Doors

Security researchers have spent a lot of time the last couple of years cracking building access systems from the level of the user device — RFID and smartcards, for example.

But a researcher in Texas found that he could crack one electronic access system at the network control level and simply open a door with a spoofed command sent over the network, eliminating the need for an access card. He could do it while bypassing the audit log, so the system wouldn’t see that someone opened the door.

The hack is possible because the system uses predictable TCP sequence numbering.
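The sequence-number weakness is the kind of thing a site can check on its own controllers before anyone else does. The script below is an added example, not code from the article or from the researcher's talk: it assumes you have captured the TCP initial sequence numbers (ISNs) a device returned on several connections you opened to it, and it classifies the generator as fixed, constant-increment, narrow-window (an attacker would need few guesses), or unpredictable. The ISN lists in the block are constructed stand-ins for real captures.

```python
from typing import List, Sequence

ISN_MODULUS = 1 << 32        # TCP sequence numbers wrap at 2^32
GUESS_WINDOW = 1 << 16       # spread below this: few guesses needed to hit the next ISN


def isn_deltas(isns: Sequence[int]) -> List[int]:
    """Signed differences between consecutive ISNs, handling 32-bit wraparound."""
    deltas = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % ISN_MODULUS
        if d >= ISN_MODULUS // 2:       # treat large positive deltas as small negatives
            d -= ISN_MODULUS
        deltas.append(d)
    return deltas


def classify_isn_generator(isns: Sequence[int]) -> str:
    """Heuristic verdict on how guessable the next ISN is, from observed ISNs."""
    if len(isns) < 3:
        raise ValueError("need at least three observed ISNs")
    deltas = isn_deltas(isns)
    if all(d == 0 for d in deltas):
        return "fixed"                   # every connection gets the same ISN
    if len(set(deltas)) == 1:
        return "constant-increment"      # next ISN = last ISN + known step
    spread = max(deltas) - min(deltas)
    if spread < GUESS_WINDOW:
        return "narrow-window"           # increments jitter, but within a small range
    return "unpredictable"


# Constructed samples (not real captures) illustrating each verdict.
CONSTRUCTED_SAMPLES = {
    "fixed": [0x1000, 0x1000, 0x1000, 0x1000],
    "constant-increment": [1000, 65000, 129000, 193000, 257000],
    "narrow-window": [100, 1100, 2105, 3095, 4100],
    "unpredictable": [0x1A2B3C4D, 0x9F8E7D6C, 0x03C4F2E1, 0x7BD9A130, 0xE51C0A9B],
}


def audit_samples() -> dict:
    """Run the classifier over every constructed sample; returns name -> verdict."""
    return {name: classify_isn_generator(isns) for name, isns in CONSTRUCTED_SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:20s} -> {verdict}")
```

Anything other than "unpredictable" on a door controller means a spoofed command does not depend on seeing the real handshake, which is the condition the article describes.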

Ricky Lawshae, a network technician for Texas State University, presented his findings on Friday at the DefCon hacker conference.